import { Controller, Inject, Get, Query } from '@midwayjs/decorator';
import { Context } from '@midwayjs/koa';
import { UserService } from '../service/user.service';

import { ParamsLack } from '../error/custom.error';

@Controller('/sqli')
export class SqliController {
  @Inject()
  ctx: Context;

  @Inject()
  userService: UserService;

  // !!!SQLI 根据ID查询用户
  @Get('/number/queryUser')
  async sqliNumber(@Query('id') id: string) {
    const spliceSQL = `SELECT * FROM USER WHERE id=${id}`;
    console.log(spliceSQL);
    return await this.userService.queryUserBySQL(spliceSQL).catch(() => {
      throw new ParamsLack();
    });
  }

  // !!!SQLI 根据username查询用户
  @Get('/string/queryUser')
  async sqliString(@Query('username') username: string) {
    const spliceSQL = `SELECT * FROM USER WHERE username='${username}'`;
    console.log(spliceSQL);
    return await this.userService.queryUserBySQL(spliceSQL).catch(() => {
      throw new ParamsLack();
    });
  }
}
